[Seattle-SAGE] VPN-in-a-box recommendations?

Eric eric at kahklen.com
Thu Feb 23 14:37:07 PST 2006 

This is my first post to this list, but I thought I'd give my 2 cents.

We run a Watchguard now which I need to replace soon.  It wasn't easy to 
setup and the VPN client is/was only for Windows.  I am definitely 
looking for good recommendations like Paul for a rock solid 
firewall/VPN.  I use the VPN mainly for technical support.  We have 
about 75 users on a fractional T1.  One thing that I like about the 
Watchguard is the SMTP proxy to weed out all those nasty attachments :)

Thanks,
Eric

Atom Powers wrote:

>On 2/23/06, Paul English <tallpaul at speakeasy.org> wrote:
>  
>
>>I'm wondering if anyone has any specific recommendations for an all-in-one
>>VPN solution for roadwarriors.
>>    
>>
>
>I deployed these in a small-medium business, but just between office locations.
>http://www.cyberguard.com/products/firewall/index.html
>I used the SG560. They are Linux based systems using FreeSWAN, but
>with an easy to use web-front end on them. You can also ssh directly
>into the OS and tweak with it to make it do what you want.
>
>Stay as far away from WatchGuard as you can. Although easy to install
>they, are a serious pain if you want to do anything more than the most
>basic brain-dead firewall/VPN.
>
>SonicWall didn't impress me either, and the NetGear is even worse (but
>not as bad as the WatchGuard). Frankly I wouldn't use NetGear for
>anything but the lowest priority infrastructure, in my experience they
>have some very serious overheating issues.
>
>NetScreen has some pretty decent gear, although the little box I had
>kept overheating and crashing. Not knowing more about your situation I
>would probably reccoment a mid-range NetScreen product.
>
>You may also want to look at the ServGate line; or the CyberGuard TSP
>line if you have a large budget.
>
>  
>
>>In the immediate term I need:
>>
>>support for Windows and Mac soft clients
>>SNMP
>>firewall
>>QoS (I'd like to run some VOIP lines through it)
>>
>>    
>>
>
>QoS isn't going to do you much good on a VPN. Sure, you can give some
>data priority on your endpoints (VPN server, VPN client) the whole
>wide internet in between doesn't give a rat's @$$ about your data.
>
>
>
>--
>--
>Perfection is just a word I use occasionally with mustard.
>--Atom Powers--
>
>_______________________________________________
>Members mailing list
>Members at lists.seattle-sage.org
>http://lists.seattle-sage.org/mailman/listinfo/members
>  
>

-- 
Eric Kahklen
Lynnwood, WA
206-595-2934

More information about the Members mailing list